Adobe released an out-of-cycle patch that fixed two zero-day vulnerabilities (CVE-2013-0633, CVE-2013-0634) in Adobe Flash Player 11.5.502.146 and earlier versions for both Windows and Macintosh. The patch was released because the zero-days were being actively exploited in attacks in the wild. Symantec recommends applying the patch immediately.

I will openly raise the query- In a commercial environment- on work machines- what earthly use is there for installing Flash Player? Absent that few percent of workers where their mission requires Flash Content Create/Manipulate for their duties. IMHO Flash is at present- too large an exploit vector by nature. I fail to see why we're letting it creep into places it has no reason to be.

Yes- Flash is a valid entertainment animation/utility tool.

But seriously- does it have a place on PCI or HIPAA workstations? Or anyplace a breach could be devastating.

The cost of a breach outweighs any utility that "only" Flash provides.

There's no one true answer that balances security with what our users and marketplace want to do. Still?

We're tasked with Information Security. Asking us to add vectors instead of subtract them seems madness.

Let me start off by saying that I hate Flash and wish that it wasn't so prevalent. Let me also say that I disable it in the browser whenever I can get away with not using it.

Saying that though... I have a lot of systems that base their reporting and graphing off Flash Player, so if/when I need to use/see those reports I have to enable it.